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Abstract: A common firmware makes it easier to control and manage various IoT devices without 
many overheads. Common software platforms allow easy configurations as well as easy diagnosis of 
faulty operations. However, a common firmware also subjects the IoT components to various types of 
threats which can infiltrate the operational defense of these devices. Some of the key features required 
by IoT networks are remote diagnosis and management, data analytic, software upgrades, information 
passing and processing, and user mobility identification. All these form a type of application which 
allows access to the entire network once a particular feature is exploited. In this, a study is presented 
on the threats for oT networks and a context graph based framework is presented to provide a strategy 


for mitigating these attacks. 
Keywords: Common firmware, Network Security, Reliability. 
1. Introduction 


The opportunities for malicious individuals and groups to attempt to gain access to vehicle 
systems and information could widen significantly if suitable counter-measures are not implemented. 
Roadside infrastructure and intelligent transport systems (ITS), which are expected to be integrated 
with vehicle networks via V2X communications, are also potential targets for attack. Furthermore, a 
modified vehicle could become a ‘weapon’ for the attacker, by transmitting false warnings and 
messages in order to subvert the operation of vehicle networks, ITS and telematics services. Ensuring 
adequate security against such threats will therefore be critical for the successful deployment of V2X 


and ITS technologies. 


The communication networks are observing a tremendous increase in the number of devices 
which are predicted to go beyond 40% (of that were active in 2012) by 2020. All these devices have 
been arranged under a common term of “Internet of Things” (IoT). IoT allows integration of the vast 
variety of communication devices irrespective of their operational technology, which is also a 


challenging issue as a common firmware is required for all the devices. 
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Since there is no formal definition of IoT, same attacks which are applicable to any computing 
entity hold true in their case. Also, reduction in the human interventions and use of more automated 
systems in the IoT networks make it extremely important to secure the entire network as it may reveal 
critical information [1-12]. Apart from these, IoT networks are also considered as an integral part of 
civilian and military expeditions focusing surveillance, navigation, localization, equipment control, 


and currency transfers, etc. 
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Fig. 1: Cybersecurity Management 


Recent trends have focused on using RFID tags as embedded sources for IoT devices that do 
not connect to the network directly. Although, such strategy holds safe for the majority of application 
scenarios, but manipulation with RFID tags can easily make these vulnerable similar to a normal 
computing entity [13-27]. Thus, security of IoT devices irrespective of the mode and type of 
connectivity is of utmost importance and has been an area of concern for a majority of the security 
researchers across the globe. Considering a common platform for IoT devices, most of the business 


enterprises and vendors focus on making version-based IoT firmware that can be easily upgraded and 
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controlled. Such scenarios are possible by using a software-assisted networking. However, a software- 
assisted networking suffers from a major issue of zero-day vulnerabilities. Considering the level of 
deployment and configuration of networks, zero-day vulnerabilities are extremely dangerous for IoT 
networks [28-39]. Exploitation of a zero-day vulnerability can lead to a zero-day attack. Control over a 


single unit of loT software may expose the entire architecture. 


The name “Zero-day” is coined considering the negligible time available in mitigating these 
threats. The number of days for which an anomaly has been known directly affects the 
countermeasures and also the probability of remaining affected. It also has to do a lot with those 
software users who do not update security patches regularly [40-51]. Once a vulnerability is 
publicized, it is mandatory for the particular application users to immediately switch to the stable 


releases. However, failure in doing so leads to various consequences in the form of cyber-attacks. 
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Fig. 2; DDS Based Coding 


The effect of a zero-day vulnerability also depends on the mode of detection. If a vulnerability 
is identified by white hat hackers, it allows keeping it low profile until the security patches are not 
available; whereas identification of such vulnerabilities by a notorious group (black hat hackers) may 
subject the entire enterprise to failure. The vulnerability cycle for a zero-day attack may vary from 
scenario to scenario. In some cases, after identification of a bug, the hackers operate covertly leading 
to the full zero-day attack, while in some cases, the hackers may come forward (overt) and make threat 
public. Thus, it can be analyzed that a zero-day attack is not only because of the covert behavior of a 
hacker but also because of the delays in updating security patches once these are available in the 


public domain. 
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This is often explained in the terms of window of vulnerability. The window of vulnerability is 
the time gap in which the number of vulnerable systems remaining is negligible. It is evaluated as a 
software timeline considering the discovery phase, security patching, intermediate exploitation phase 


and patch applicability phase. 


For safety-related control systems, of which vehicles are perhaps the most widely encountered 
examples, it is possible that some cyber security threats may also have safety implications [52-64]. 
This possibility is now reflected in IEC 61508, the functional safety standard for safety-related 
electronic control systems in the process industries. However, security threats that are not 
safety-related, such as those affecting privacy or financial security, are beyond the scope of IEC 


61508. 


Standards and guidelines have already been developed to help ensure the security of 
information technology (IT) systems. However, as some cyber security threats to cyber physical 
systems may also impact on functional safety, there is a need to ensure that their treatment meets the 
requirements of safety engineering processes. Standards and guidelines have already been developed 


for functional safety of safety-related control systems, including vehicles. 


There is also a need to adapt IT security evaluation approaches in order to address the 
particular issues of automotive applications, such as the possibility that a security threat may also have 
safety implications. This section therefore summarizes a number of key concepts from these two 


disciplines. 
2. Methodology 


The network comprises various IoT devices and gadgets that operate either individually or 
collectively via a common gateway. The communication can be directly between the Mobile Node 
(MN) and the IoT device or indirectly between the MN and the IoT device via a gateway. The service 


providers are responsible for maintaining trust between the IoT and the MN. 


Currently, the proposed model emphasizes on a particular scenario in which an IoT device 
receives security updates that may lead to zero-day attacks; or when an attack is already launched and 
security updates confirm the attacks. The proposed approach uses strategic context graphs to ensure 
the safety of IoT devices against the zero-day attacks. The context graphs are implemented using 


Distributed Diagnosis System (DDS). The DDS are divided into three parts: 
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Fig. 3: An illustration of attacks 


(1) Central Diagnosis System (CDS): CDS is installed by the service providers on the central node 
of the network which is responsible for generating trust as well as the updates for the entire network. 
CDS is responsible for managing the Access Points (APs) control, and the operations of gateways for 


maintaining security in the case of high possibilities of threats. 


(2) Local Diagnosis System (LDS): LDS is operated as a dedicated device over the gateways. 
Usually, these are installed with the Home Gateways (HGW). LDS interacts with the CDS and shares 
its context graphs with it to ensure that all the security procedures are followed by the corresponding 


IoT device. 


(3) Semi Diagnosis System (SDS): SDS is responsible for directly managing the APs trust with the 
CDS. It shares the context of loT devices which directly interacts with an MN without relying on the 


local gateway. 
3. Strategic Context 


Device signatures (S,): This is the unique identity for each device. The signature is the embedded 


information about the IoT device which is stored at the CDS once it gets activated in the network. 
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Update Counter (U,): This is the firmware update counter which is randomly selected at the 
beginning of network registrations. These are updated using random integer values which are finalized 


by the CDS and change periodically without affecting the performance. 


Traffic Type (T,): This defines the context for the type of traffic to be generated for and by an IoT 
device. This helps the diagnosis system to analyze the content over a particular channel for its 


correctness. 


Header Length (Hj): It defines the bit length of the header field used by the diagnosis system. It 


contains all the necessary context metadata which is to be shared between the LDS, SDS, and CDS. 


Memory Range (M,): It denotes the maximum and minimum size of the packets generated by the 
IoT device. This helps to simply analyze if the size of the initial code is affected or not. Usually, these 
are not mishandled by the attackers, but still, in some cases, this is very useful to identify if the 


binaries of the firmware are altered or not. 


The types of devices operable in a network are considered to have valid pre-registered 
signatures along with a counter value. The counter value manages the count for the number of times 
the firmware of an IoT device is validated or encountered. The context for each IoT device is managed 
by its diagnosis system and periodically stored in logs and shared with the CDS. The context outline 


used in the proposed model is as follows: 


Route (R,): This field is used to check whether an IoT device is operable in LDS, SDS, or CDS 
region. This also allows tracking the actual route for managing the context between the network 


entities. 


The context graphs are used to generate the strategies which help in taking a decision regarding 
the presence of a threat amongst the IoT devices. The number of vertices in the context graphs is equal 
to the number of processing procedures an IoT device follows before generating an output and 
demanding an input. The context explained above forms the edges of the graph. After the time 
instance decided in the configuration of the network, the LDS and SDS evaluate these graphs for every 
corresponding IoT device ad share it with the CDS which also forms its own context graph for every 
IoT device. Along with the context graphs, the CDS also forms the context graphs for the subordinate 


network which includes the layers of APs, and gateways. 
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In order to take a strategic decision on the management of IoT devices against the zero-day 
attacks, the CDS follows a principle of modeling the counter and the random integer value used to 
manage the counter by the LDS, SDS and the device itself. Then, it performs mutual exclusion rule to 
trace the presence of a zero-day threat in the IoT network. The failure in the matching of the context 
stored and the context received from all the subordinates as well as the IoT device indicates the 


presence of a zero-day attack. 


It is to be noted that the strategic context graphs are applicable in the network only in the 
deployment phase, but not in the development phase. Thus, the proposed strategy can come handy 
only when a vulnerability is identified by the development team at lateral stages as well as during the 
release of security updates as it helps in tracking the contextual behavior of every IoT device. Once a 
possibility of attack is found, the proposed approach utilizes the critical data sharing protocol that 


helps in eliminating a particular IoT device before it exploits the entire network. 


The proposed approach uses a critical context/data sharing protocol in the scenarios with a 
potential zero-day threat. The protocol illustrates the procedures opted by the CDS once a threat is 
identified amongst the IoT devices leading to a zero-day exploitation. Once a threat policy is violated, 
the CDS sends alarming messages to its connected components that are its subordinates in the 
network. The alarming messages are followed by the patch for fixing the affected IoT device. This is 
followed by the reestablishment of the trust between all the connected components with the CDS. 
Once an alarming request is received, each subordinate’s diagnosis system shares context information 
to revalidate the trust. By the time, these steps are performed, the affected device updates its security 
mechanisms, and registers itself again with the CDS leading to the elimination of the threat without 
eliminating the device. On the contrary, CDS shares threat information with the SDS, trust information 
with the HGW, device information with the LDS, and finally, leads it to eliminate the incorrect device. 


This allows mitigating zero-day threats in loT networks. 
4. Conclusions 


The proposed approach used a distributed diagnosis system for classifying the context at the 
central service provider as well as at the local user site. Also, once a zero-day attack was potentially 
identified, a critical data sharing protocol was used to transmit alert messages and reestablish the trust 
between the network entities and the IoT devices. This is a progressive paper and the details on the 


full-fledged implementation along with critical evaluations will be presented in future reports. 
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